Unknown Malware May Be Rampant in Enterprise Networks

SANTA CLARA, Calif., Nov. 8, 2011 /PRNewswire/ — New research from Palo Alto Networks conducted using the company’s WildFire malware analysis engine shows that targeted and unknown malware are a reality in enterprise networks today, finding hundreds of unique, previously unknown malware samples on live networks. Every network that tested WildFire’s virtualized sandbox technology uncovered instances of real-world attacks from malware that was previously unknown to the security industry. Researchers were also able to observe how phishing campaigns are branching out to new applications, such as web-based file hosting and webmail applications, to deliver their malware.

Over Half of Malware Found by WildFire Was Unknown to Security Industry

The new WildFire cloud-based analysis engine found that seven percent of all unknown files analyzed contained malware. Over a three-month period of analyzing unknown files entering enterprise networks from the Internet, more than 700 unique malware samples were discovered, 57 percent of which had no coverage by any antivirus service or were unknown to VirusTotal at the time of discovery. Of all the new malware identified, 15 percent also generated malicious or unknown outbound command-and-control traffic.

“I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks,” said Wade Williamson, Senior Security Analyst at Palo Alto Networks. “Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines. The ability to detect, remediate and investigate unknown malware needs to become a practical part of a threat prevention strategy in the same way that IPS and URL filtering are used today.”

Criminals Using New Web Application Types for Malware Distribution

WildFire found that zero-day malware was distributed by a wide variety of web applications, in addition to the traditional HTTP web-browsing and email traffic commonly associated with malware distribution. By using the next-generation firewall’s ability to identify all applications, WildFire was able to identify specific phishing campaigns based on their affinity for particular applications. One attacker used AOL Mail almost exclusively while another used the Hotfile file hosting service as the delivery vector.

For more information, visit www.paloaltonetworks.com.
